I have seen that some script uses hidden env variable passing. [ex] after you login the address bar on top reads: www.fool.com/run.pl?passwdwhere my real password is hidden and not shown, I was wondering how do you do that. only the varible name passwd is shown. I have try to look up tutorial on web but they don't help much. if it is possible could you write a simple working script for me that just do that.

There are only 3 ways I know of to keep the password hidden. 1) You would use method post and hidden tags. 2) You use Cookies and method post. 3) You use .htaccess. In my opinion doing it with cookies are the best way.... Here is a Cookie Password example <BLOCKQUOTE><font size="1" face="Arial,Helvetica,sans serif">code:</font><HR>

Some one correct me if I'm wrong, but if you notice that the Web page is using POST method. Post method will not show anything in the Browser window. Thus keeping all variables out of site. WHen you use GET method in a form you get something like "/login.pl?name=foo&pass=password". POST method will display "/login.pl" thats it.

By using CGI.pm like in the code above you do not need to use GET method in your web page, but you could.

Or, you could if you want make the form method POST and the action of the form "/login.pl?login". <FORM METHOD="POST" ACTION="/login.pl?login">

When using CGI.pm, if there is data in the query string (prog.cgi?...) in the form tag's action attribute, but the form's method is "post", then only the form fields can be accessed via param(). The data in the URL after the ? can be accessed via url_param().